In each cloud environment, there are a number of security aspects you can set up, says Mohamed El Haddouchi, Director Solutions & Innovation at Infradata, but that in itself is not without difficulty.
'The only problem here is that, from the security perspective, you don't want to administer three or four environments each in their own way. Because in Amazon Web Services security is organised in a completely different way than in Microsoft Azure, and you need yet another security policy for your company network.
'....Suddenly have four or five different kinds of security policy that you need to run in parallel and handle in different ways.'
Don't replace, supplement
This process and management quickly becomes too complex and expensive.
El Haddouchi says: 'Complexity kills security. That's why it's necessary to think carefully about how you can secure your company as well as possible by using your existing security systems and processes, supplemented by the new security possibilities that you can get from the cloud.'
According to El Haddouchi, it's important to see how you can get the various cloud environments working together securely through a single security architecture for the multi-cloud environment.
'To give one example, there are certain security features within AWS that we can apply from Microsoft Azure. So that, irrespective of whether you run an application in the cloud or on-premises, you always have exactly the same security policy, can carry out the same checks and receive the same reports.'
The goal, then, is to simplify the security architecture so that it no longer matters whether an application runs in the cloud or on-premises. In this way you can also better control your security costs. What's more, it provides you with significantly improved security, because you can see and monitor everything and can manage the entire environment from a central point.
Central control point
Parallel to the transition to multi-cloud, for some years companies have often been involved in a transformation that impacts security on the user side of things as well. Mobility is now a very important issue. Users are now relying on devices such as smartphones, tablets, laptops and even smartwatches.
'So, you have to handle various types of devices for each employee. And to this you can add the Internet of Things (IoT), with things like printers, cameras, sensors, alarms. All in all, that's a huge quantity of devices which you didn't have to deal with previously.'
Thinking in terms of identity
Everything is connected with the network and increasingly often requires connectivity with the cloud.
'This is why you need to think differently than you used to', stresses El Haddouchi. 'You can no longer think: I've got a perimeter and I'll pile up a number of security levels here. With firewalls, endpoint security, maybe some anti-DDoS, and then an SIEM on top of that, and you're sorted. No, you now have to give much more thought to the identity of a user.'
Security has to be fully independent of the devices being used. 'You want to know precisely who is logged in. It no longer matters whether this is done with a computer, telephone or tablet. It's purely a question of the identity, the person behind the device. What is this person allowed to do within your network or environment? Identity is a crucial issue here.'
Then you also want to be sure that this person really is who they claim to be, because if the identity or the password has been stolen, it still shouldn't be possible to misuse it.
El Haddouchi says: 'In the security architecture this brings you to solutions for multi-factor authentication, identity governance, privileged access and identity management. In other words, everything you can use to recognise and identify the user behind the device. So that you know precisely who this is.'
Identity and the cloud
To complete the circle, this identity-based security must mesh with the security of the multi-cloud. This leads you to modern solutions such as a Cloud Access Security Broker (CASB), says El Haddouchi.
'This is a solution that, irrespective of where an application or user is located, always shows you who is doing what with applications in the cloud. It also enables you to secure on-premises data by means of encryption, for instance, i.e. even before it is sent to the cloud environment. So, no-one can misuse it, should they actually manage to steal it one time. That's something you can consider in the context of the GDPR as well.'